Digital printing technology has enabled mailers to implement digital, i.e. bit map addressable, printing for the purpose of evidencing payment of postage. Advances in digital printing technology have made it possible to print on a mailpiece a postage indicium that is unique to the mailpiece. The indicium is unique because it includes information relating directly to the mailpiece, for example, postage value, date, piece count, origin postal code and/or destination postal code (referred to herein as indicium information or indicium data).
From the Postal Service's perspective, it will be appreciated that the digital printing and scanning technology make it fairly easy to counterfeit a postal value bearing indicium since any suitable computer and printer may be used to generate multiple copies of an image once generated.
In order to validate an indicium printed on a mailpiece, that is to ensure that accounting for the postage amount printed on a mailpiece has been properly done, it is known to include as part of the franking an encrypted number such that, for instance, the value of the franking may be verified from the encrypted data in the indicium to learn whether the value as printed on the mailpiece is correct. See, for example, U.S. Pat. Nos. 4,757,537 and 4,775,246 to Edelmann et al., as well as U.S. Pat. No. 4,649,266 to Eckert. It is also known to authenticate a mailpiece by including the address as a further part of the encryption as described in U.S. Pat. No. 4,725,718 to Sansone et al. and U.S. Pat. No. 4,743,747 to Fougere et al.
U.S. Pat. No. 5,170,044 to Pastor describes a method and apparatus for the representation of binary data in the form of an indicium comprising a binary array of pixels. The actual arrays of pixels are scanned in order to identify the sender of the mailpiece and to recover other encrypted and plain text information. U.S. Pat. No. 5,142,577 to Pastor describes various alternatives to the DES algorithm for encrypting a message and for comparing the decrypted postal information to the plain text information on the mailpiece.
U.K. Patent Application 2,251,210A to Gilham describes a meter that contains an electronic calendar to inhibit operation of the franking machine on a periodic basis to ensure that the user conveys accounting information to the postal authorities. U.S. Pat. No. 5,008,827 to Sansone et al. describes a system for updating rates and regulation parameters at each meter via a communication network between the meter and a data center. While the meter is on-line status registers in the meter are checked and an alarm condition raised if an anomaly is detected. U.S. Pat. No. 4,853,961 to Pastor describes critical aspects of using public key cryptography for mailing applications.
U.S. Pat. No. 5,390,251 to Pastor et al. describes a system for controlling the validity of printing of indicia on mailpieces from a potentially large number of users of postage meters including apparatus disposed in each meter for generating a code and for printing the code on each mailpiece. The code is an encrypted code representative of the apparatus printing the indicium and other information uniquely determinative of the legitimacy of postage on the mailpieces. The keys for the code generating apparatus are changed at predetermined time intervals in each of the meters. A security center includes apparatus for maintaining a security code database and for keeping track of the keys for generating security codes in correspondence with the changes in each generating apparatus and the information printed on the mailpiece by the postage meter apparatus for comparison with the code printed on the mailpiece. There may be two codes printed, one used by the Postal Service for its security checks and one by the manufacturer. The encryption key may be changed at predetermined intervals or on a daily basis or for printing each mailpiece.
Recently digital meters, such as PostPerfect.TM. and Personal Post Office.TM., both manufactured by the assignee of the present invention, have been developed. Such digital meters employ cryptographic means to produce evidence of postage payment. The encryption is performed using cryptographic keys for signing indicium data printed on the envelope with two "digital tokens". In each digital meter, independent keys stored therein are used for generating two digital codes or tokens needed for verification of indicia printed on mailpieces. One digital token provides evidence of postage paid to the Postal Service, and the second digital token provides evidence to the vendor, such as the assignee of the present invention. As used herein, a digital token is a truncation of the result of a symmetric-key cryptographic transformation, such as a truncated Data Encryption Standard Message Authentication Code, applied to data appearing in the indicium. The indicium data elements, also referred to herein as input postal data or simply postal data, may include postage value, date, register values, postal code of the geographical deposit area, recipient address information and piece count. A verifier with access to a key matching the key used for generating the digital token in the digital meter performs digital token validation, i.e., verification that accounting for the postage value printed in the indicium has been properly done.
For security reasons, the keys in each meter are different Information about the meter and mailpiece are combined and separately encrypted with vendor and with postal master keys or keys derived therefrom. Portions of the resulting information are printed on the mail piece as digital tokens. The indicium information and the associated digital tokens can be verified by a device that processes the information in the same manner with the same keys and compares the resulting digital tokens with those printed on the mail piece.
It will be appreciated that in order to verify the indicium information printed on a mailpiece, a verifier must first be able to obtain the key used by the particular meter that generated the indicium. In trying to deal with mailing systems which may incorporate such encryption systems, it must be recognized that the meter population is large and subject to constant fluctuation as meters are added and removed from service. If the same key were to be used for all meters, the key distribution is simple but the system is not secure. Once the code is broken by anyone, the key may be made available to other users and the entire operation is compromised. However, if separate keys are used respectively for each meter then key management potentially becomes extremely difficult considering the fluctuations in such a large population.
U.S. patent application Ser. No. 08/133,416, filed Oct. 8, 1993, and assigned to the assignee of the instant application, describes a key management system for mail processing that assigns one of a set of predetermined keys by a determined relationship to a particular meter, effectively allowing multiple meters to share a single key. The key management system includes the generation of a first set of keys which are then used for a plurality of respective postage meters. A first key of the first set of keys is then related to a specific meter in accordance with a map or algorithm. The first key may be changed by entering a second key via an encryption using the first key.
U.S. patent application Ser. No. 08/414,896, filed Mar. 31, 1995, and assigned to the assignee of the instant application, describes a method of token verification in a Key Management System. The method provides a logical device identifier and a master key created in a logical security domain to a transaction evidencing device, such as a digital postage meter. A master key record is created in a key verification box, and the master key is securely stored as a record in a Key Management System archive. Evidence of the transaction information integrity and the master key record from the Key Management System archive are input into a token verification box. The token verification box determines that the master key is valid, uses the master key to verify the evidence of transaction information integrity, and outputs an indication of the result of the verification of the evidence of transaction information integrity. The master key record includes the logical device identifier, the master key and a digital signature associating the logical device identifier and the master key. The token verification box checks the digital signature to verify the association of the logical device identifier and the master key within the logical security domain.